Despite customer interest, channel struggles with threat management

By Nicole D'Amour, Site Editor 16 Mar 2009 | SearchSecurityChannel.com

Security Channel Update Digg This!     StumbleUpon     Del.icio.us

Keeping customers aware of the latest threats and vulnerabilities is a daunting task. How much time do customers spend thinking about threat and vulnerability management? The results of a recent TechTarget survey of more than 900 security professionals suggest that end users intend to spend more on vulnerability management in 2009. But this data doesn't necessarily match up with what solution providers are seeing in the field.

Approximately 21% of survey respondents indicated they would spend more on defending against viruses, malware and intrusions in 2009. This spending would come before data protection, identity management and application security expenditures.

However, Adam Gray, chief technology officer of Novacoast Inc., a consulting company in Santa Barbara, Calif., has not seen any evidence, anecdotal or otherwise, to support an increased interest in threat and vulnerability management.

Understanding how to correlate is more of an art than a science. Kent Knudsen information systems security manager, K2Share LLC

"I wish more attention was paid to that, but we're still seeing enterprise accounts that have malicious software problems and we're still seeing attacks on the rise without appropriate controls," he said, adding that patch management is still a struggle for a number of companies.

Customers with patch management problems are perhaps not paying enough attention to the more commoditized threat management issues, according to Gray. "We haven't seen as many companies invest in that, especially as the economy has worsened," Gray said. With 45% of survey respondents saying that they plan on leveraging features in existing hardware or software for patch management, Gray's concerns are no surprise.

This behavior, Gray warned, can quickly damage a company. "Being stagnant in the security world puts you at a worse risk position. If you do nothing at all, you're worse off than you were yesterday." That's because he noted that threat and vulnerability problems can quickly mount if they aren't resolved, making customer environments dramatically less secure.

Half of the survey respondents cited correlating threats and vulnerabilities as their major vulnerability management challenge.

"Understanding how to correlate is more of an art than a science," said Kent Knudsen, information systems security manager at K2Share LLC, a provider of information technology-based business solutions based in College Station, Tx. He added that correlation is greatly needed, but today's correlation tools are still maturing and expensive.

Knudsen also mentioned that there are open source alternatives to threat correlation, but the risks outweigh the benefits of using such software.

"Unless you're able to go through the code yourself line by line to make sure [the programmers] haven't put some sort of back door in it, you have to ask if you can trust that software." While not without merit, free and open source correlation tools can have serious security implications if used incorrectly and must be considered extremely carefully.

Another aspect of the survey asked respondents how their spending would change on individual technologies. Approximately 56% said their antivirus/antiworm spending would remain the same as last year, while 59% said their antispyware investments would also be flat.

This is a problem, according to Knudsen. Citing recent data breaches in the news, he wondered if solution providers would soon need to consider antivirus alternatives.

More on threat and vulnerability management Migrating to unified threat management: Take your cue from the customer Unified threat management explained The benefits of unified threat management devices

"The real curiosity point for me," Knudsen said, "is how did [the affected companies] get infected; they had antivirus software and it was malware that took them down." If antivirus cannot pick up on threats that can seriously affect a company's security posture, he continued, then something else may need to be considered.

Knudsen mentioned that whitelisting was one technology he was keeping his eye on as an alternative to antivirus. "It will be something to watch to see if it takes off or if it just muddles along."

Still, regardless of a customer's size or risk posture, it is vital that solution providers communicate the importance of threat and vulnerability management to customers. "I try to first understand what it is they're trying to protect and what value it has," Knudsen said. "If they understand their information and the level to which they need to protect it, it's a simple matter of telling them what it would cost to protect it."

Tags: Vulnerability and patch management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Vulnerability and patch management Mitigating zero-day vulnerabilities in customers' environments Portcullis Systems adds HP security products to Microsoft customers Agilex partners with HBGary to offer security forensic, assessment services Snort vs. Microsoft Security Bulletin MS08-068 Top security tips for solutions providers Top five security service provider tips of 2007 The true cost of offering patch management services Microsoft WSUS deployment guide Antivirus software patch management Should hotfix testing be performed by the QA department or by support?

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary